Re: Unidentified subject!

To: simonw@cornfield.org.uk
Cc: debian-user@lists.debian.org
Subject: Re: Unidentified subject!
From: Bradley M Alexander <storm@tux.org>
Date: Wed, 15 Oct 2003 11:57:18 -0400
Message-id: <[🔎] 20031015155718.GA2685@defiant.sonsofthunder.yi.org>
In-reply-to: <[🔎] 20031015133828.7CB2B1F3CB@murphy.debian.org>
References: <[🔎] 20031015133828.7CB2B1F3CB@murphy.debian.org>

I gave a presentation a few years ago called "Reasonably secure builds"
taht covers the basics of setting up a Linux box. The slides can be found
at http://www.tux.org/~storm.

As for the iptables piece of it, yes, you should probably upgrade to a 2.4
kernel, 2.4.22 works quite well. I use an iptables script called gShield,
which can be found at http://muse.linuxmafia.org/gshield.html.

On Wed, Oct 15, 2003 at 08:38:28AM -0500, simonw@cornfield.org.uk wrote:
> Subject: Firewall security
> 
> Message-Id: <E1A9lqc-0003I1-00@gaul.cornfield.org.uk>
> From: simonw@cornfield.org.uk
> Date: Wed, 15 Oct 2003 14:37:54 +0100
> 
> 
> Hi
> 
> I have iinsatlled Debian many times in the past, but each time was for a server
> behind a firewall.
> 
> I now have to build a new server that will sit on the web directly, and move an
> existing server onto the web.
> 
> Both servers will run Woody.
> 
> Is there a document, or reference, somewhere that explains how to secure Debian
> servers . These servers will need to provide ssh, http, mail, ftp(?). I was thinking
> along the lines of iptables, but I have never configured this before. Will I have to
> upgrade to teh 2.4 kernel?
> 
> Many thanx
> 
> Simon  
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> Mailscanner thanks transtec Computers for their support.
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-- 
--Brad
========================================================================
Bradley M. Alexander                |
gTLD SysAdmin, Security Engineer    |   storm [at] tux.org
Debian/GNU Linux Developer          |   storm [at] debian.org
========================================================================
Key fingerprints:
DSA 0x54434E65: 37F6 BCA6 621D 920C E02E  E3C8 73B2 C019 5443 4E65
RSA 0xC3BCBA91: 3F 0E 26 C1 90 14 AD 0A  C8 9C F0 93 75 A0 01 34
========================================================================
There is always a way.
The easy way is always mined.
						--Murphy's Laws of Combat

Reply to:

References:
- Unidentified subject!
  - From: simonw@cornfield.org.uk

Prev by Date: q3 server
Next by Date: problems upgrading libstdc++2.10-dev on unstable
Previous by thread: Re: Unidentified subject!
Next by thread: Unidentified subject!
Index(es):
- Date
- Thread